Facial recognition software has long been criticized for accuracy issues and past wrongful arrests.

A municipal police force in Canada is now using facial recognition bodycams, it was revealed this week. The police service in the prairie city of Edmonton is trialling technology from US-based Axon, which makes products for the military and law enforcement.

Up to 50 officers are taking part in the trial this month, according to reports. Officers won’t turn the cameras on in the field until they’re actively investigating or enforcing, representatives from Axon said.

When the cameras are activated, the recognition software will run in the background, not reporting anything to the wearer. The camera captures images of anyone within roughly four feet of the officer and sends them to a cloud service, where it will be compared against 6,341 people already flagged in the police system. According to police and Axon, images that don’t match the list will be deleted, and the database is entirely owned by the Police Service, meaning that Axon doesn’t get to see it.

This represents a turnaround for Axon. In 2019, its first ethics board report said that facial recognition wasn’t reliable enough for body cameras.

CEO Rick Smith said at the time:

> “Current face matching technology raises serious ethical concerns. In addition, there are technological limitations to using this technology on body cameras. Consistent with the board’s recommendation, Axon will not be commercializing face matching products on our body cameras at this time.”

Two years later, nine of the board’s members resigned after the company reportedly went against their recommendations by pursuing plans for taser-equipped drones. Axon subsequently put the drone project on hold.

Gideon Christian, an associated law professor at the University of Calgary (in Alberta, the same province as Edmonton), told Yahoo News that the Edmonton Police Service’s move would transform bodycams from a tool making police officers accountable to a tool of mass surveillance:

> “This tool is basically now being thrown from a tool for police accountability and transparency to a tool for mass surveillance of members of the public.”

**Policy spaghetti in the US and further afield**

This wouldn’t be the first time that police have tried facial recognition, often with lamentable results. The American Civil Liberties Union identified at least seven wrongful arrests in the US thanks to inaccurate facial recognition results, and that was in April 2024. Most if not all of those incidents involved black people, it said. Facial recognition datasets have been found to be racially biased.

In June 2024, police in Detroit agreed not to make arrests based purely on facial recognition as part of a settlement for the wrongful arrest of Robin Williams. Williams, a person of color, was arrested for theft in front of his wife and daughter after detectives relied heavily on an inaccurate facial recognition match.

More broadly in the US, 15 states had limited police use of facial recognition as of January this year, although some jurisdictions are reversing course. New Orleans reinstated its use in 2022 after a spike in homicides. Police have also been known to request searches from law enforcement in neighboring cities if they are banned from using the technology in their own municipality.

Across the Atlantic, things are equally mixed. The EU AI Act bans live facial recognition in public spaces for law enforcement, with narrow exceptions. The UK, meanwhile, which hasn’t been a part of Europe since 2018, doesn’t have any dedicated facial recognition legislation. It has already deployed the technology for some police forces, which are often used to track children. UK prime minister Keir Starmer announced plans to use facial recognition tech more widely last year, prompting rebuke from privacy advocates.

The Edmonton Police Force will review the results of the trial and decide whether to move forward with broader use of the technology in 2026.

**We don’t just report on data privacy—we help you remove your personal information**

Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.

**About the author**

Danny Bradbury has been a journalist specialising in technology since 1989 and a freelance writer since 1994. He covers a broad variety of technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector. He hails from the UK but now lives in Western Canada.

 Canadian police trialling facial recognition bodycams 

A municipal police force in Canada is now using facial recognition bodycams, it was revealed this week. The police service in the prairie city of Edmonton is trialing technology from US-based Axon, which makes products for the military and law enforcement.

Up to 50 officers are taking part in the trial this month, according to reports. Officers won’t turn the cameras on in the field until they’re actively investigating or enforcing, representatives from Axon said.

When the cameras are activated, the recognition software will run in the background, not reporting anything to the wearer. The camera captures images of anyone within roughly four feet of the officer and sends them to a cloud service, where it will be compared against 6,341 people already flagged in the police system. According to police and Axon, images that don’t match the list will be deleted, and the database is entirely owned by the Police Service, meaning that Axon doesn’t get to see it.

This represents a turnaround for Axon. In 2019, its first ethics board report said that facial recognition wasn’t reliable enough for body cameras.

CEO Rick Smith said at the time:

> “Current face matching technology raises serious ethical concerns. In addition, there are technological limitations to using this technology on body cameras. Consistent with the board’s recommendation, Axon will not be commercializing face matching products on our body cameras at this time.”

Two years later, nine of the board’s members resigned after the company reportedly went against their recommendations by pursuing plans for taser-equipped drones. Axon subsequently put the drone project on hold.

Gideon Christian, an associated law professor at the University of Calgary (in Alberta, the same province as Edmonton), told Yahoo News that the Edmonton Police Service’s move would transform bodycams from a tool making police officers accountable to a tool of mass surveillance:

> “This tool is basically now being thrown from a tool for police accountability and transparency to a tool for mass surveillance of members of the public.”

**Policy spaghetti in the US and further afield**

This wouldn’t be the first time that police have tried facial recognition, often with lamentable results. The American Civil Liberties Union identified at least seven wrongful arrests in the US thanks to inaccurate facial recognition results, and that was in April 2024. Most if not all of those incidents involved black people, it said. Facial recognition datasets have been found to be racially biased.

In June 2024, police in Detroit agreed not to make arrests based purely on facial recognition as part of a settlement for the wrongful arrest of Robin Williams. Williams, a person of color, was arrested for theft in front of his wife and daughter after detectives relied heavily on an inaccurate facial recognition match.

More broadly in the US, 15 states had limited police use of facial recognition as of January this year, although some jurisdictions are reversing course. New Orleans reinstated its use in 2022 after a spike in homicides. Police have also been known to request searches from law enforcement in neighboring cities if they are banned from using the technology in their own municipality.

Across the Atlantic, things are equally mixed. The EU AI Act bans live facial recognition in public spaces for law enforcement, with narrow exceptions. The UK, meanwhile, which hasn’t been a part of Europe since 2018, doesn’t have any dedicated facial recognition legislation. It has already deployed the technology for some police forces, which are often used to track children. UK prime minister Keir Starmer announced plans to use facial recognition tech more widely last year, prompting rebuke from privacy advocates.

The Edmonton Police Force will review the results of the trial and decide whether to move forward with broader use of the technology in 2026.

**We don’t just report on data privacy—we help you remove your personal information**

Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.

**About the author**

Danny Bradbury has been a journalist specialising in technology since 1989 and a freelance writer since 1994. He covers a broad variety of technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector. He hails from the UK but now lives in Western Canada.

 Canadian police trialing facial recognition bodycams 

Google has pushed out a Chrome update with 13 security fixes, including a high-severity flaw in Digital Credentials.

Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these was found in Chrome’s Digital Credentials feature–a tool that lets you share verified information from your digital wallet with websites so you can prove who you are across devices.

Chrome is by far the world’s most popular browser, with an estimated 3.4 billion users. That scale means when Chrome has a security flaw, billions of users are potentially exposed until they update.

That’s why it’s important to install these patches promptly. Staying unpatched means you could be at risk just by browsing the web, and attackers often exploit these kinds of flaws before most users have a chance to update. Always let your browser update itself, and don’t delay restarting the browser as updates usually fix exactly this kind of risk.

**How to update Chrome**

The latest version number is **143.0.7499.40/.4**1 for Windows and macOS, and **143.0.7499.40** for Linux. So, if your Chrome is on version **143.0.7499.40 or later,** it’s protected from these vulnerabilities.

The easiest way to update is to allow Chrome to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To update manually, click the **More** menu (three dots), then go to **Settings** > **About Chrome**. If an update is available, Chrome will start downloading it. Restart Chrome to complete the update, and you’ll be protected against these vulnerabilities.

You can also find step-by-step instructions in our guide to how to update Chrome on every operating system.

**Technical details**

One of the vulnerabilities was found in the Digital Credentials feature and is tracked as **CVE-2025-13633**. As usual Google is keeping the details sparse until most users have updated. The description says:

> Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

That sounds complicated so let’s break it down.

**Use after free (UAF)** is a specific type of software vulnerability where a program attempts to access a memory location after it has been freed. That can lead to crashes or, in some cases, let an attackers run their own code.

**The renderer process** is the part of modern browsers like Chrome that turns HTML, CSS, and JavaScript into the visible webpage you see in a tab. It’s sandboxed for safety, separate from the browser’s main “browser process” that manages tabs, URLs, and network requests. So, for HTML pages, this is essentially the browser’s webpage display engine.

**The heap** is an area of memory made available for use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.

A “remote attacker who had compromised the renderer” means the attacker would already need a foothold (for example, via a malicious browser extension) and then lure you to a site containing specially crafted HTML code.

So, my guess is that this vulnerability could be abused by a malicious extension to steal the information handled through Digital Credentials. The attacker could access information normally requiring a passkey, making it a tempting target for anyone trying to steal sensitive information.

Some of the fixes also apply to other Chromium browsers, so if you use Brave, Edge, or Opera, for example, you should keep an eye out for updates there too.

**We don’t just report on threats—we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

**About the author**

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

 Update Chrome now: Google fixes 13 security issues affecting billions 

Attackers are using a tool called Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token.

Attackers are using a tool called Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token.

Researchers are warning about a rise in cases where this method is used against educational institutions.

Evilginx is an attacker-in-the-middle phishing toolkit that sits between you and the real website, relaying the genuine sign-in flow so everything looks normal while it captures what it needs. Because it sends your input to the real service, it can collect your username and password, as well as the session cookie issued after you complete MFA.

Session cookies are temporary files websites use to remember what you’re doing during a single browsing session–like staying signed in or keeping items in a shopping cart. They are stored in the browser’s memory and are automatically deleted when the user closes their browser or logs out, making them less of a security risk than persistent cookies. But with a valid session cookie the attacker can keep the session alive and continue as if they were you. Which, on a web shop or banking site could turn out to be costly.

**Attack flow**

The attacker sends you a link to a fake page that looks exactly the same as, for example, a bank login page, web shop, or your email or company’s single sign-on (SSO) page. In reality, the page is a live proxy to the real site.

Unaware of the difference, you enter your username, password, and MFA code as usual. The proxy relays this to the real site which grants access and sets a session cookie that says “this user is authenticated.”

But Evilginx isn’t just stealing your login details, it also captures the session cookie. The attacker can reuse it to impersonate you, often without triggering another MFA prompt.

Once inside, attackers can browse your email, change security settings, move money, and steal data. And because the session cookie says you’re already verified, you may not see another MFA challenge. They stay in until the session expires or is revoked.

Banks often add extra checks here. They may ask for another MFA code when you approve a payment, even if you’re already signed in. It’s called step-up authentication. It helps reduce fraud and meets Strong Customer Authentication rules by adding friction to high-risk actions like transferring money or changing payment details.

**How to stay safe**

Because Evilginx proxies the real site with valid TLS and live content, the page looks and behaves correctly, defeating simple “look for the padlock” advice and some automated checks.

Attackers often use links that live only for a very short time, so they disappear again before anyone can add them to a block list.​ Security tools then have to rely on how these links and sites behave in real time, but behavior‑based detection is never perfect and can still miss some attacks.

So, what you can and should do to stay safe is:

*   **Be careful with links that arrive in an unusual way.** Don’t click until you’ve checked the sender and hovered over the destination. When in doubt, feel free to use Malwarebytes Scam Guard on mobiles to find out whether it’s a scam or not. It will give you actionable advice on how to proceed.
*   **Use up-to-date real-time anti-malware protection** with a web component.
*   **Use a password manager.** It only auto-fills passwords on the exact domain they were saved for, so they usually refuse to do this on look‑alike phishing domains such as paypa1\[.\]com or micros0ft\[.\]com. But Evilginx is trickier because it sits in the middle while you talk to the real site, so this is not always enough.
*   **Where possible, use phishing-resistant MFA.** Passkeys or hardware security keys, which bind authentication to your device are resistant to this type of replay.
*   **Revoke sessions **if you notice something suspicious**.** Sign out of all sessions and re-login with MFA. Then change your password and review account recovery settings.

Pro tip: Malwarebytes Browser Guard is a free browser extension that can detect malicious behavior on web sites.

**We don’t just report on threats—we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

**About the author**

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

 Attackers have a new way to slip past your MFA 

We’ve seen a new wave of attacks exploiting legitimate Remote Monitoring and Management (RMM) tools to remotely control victims’ systems.

A new wave of attacks is exploiting legitimate Remote Monitoring and Management (RMM) tools like LogMeIn Resolve (formerly GoToResolve) and PDQ Connect to remotely control victims’ systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support programs under false pretenses–disguising them as everyday utilities. Once installed, the tool gives attackers full remote access to the victim’s machine, evading many conventional security detections because the software itself is legitimate.

We’ve recently noticed an uptick in our telemetry for the detection name RiskWare.MisusedLegit.GoToResolve, which flags suspicious use of the legitimate GoToResolve/LogMeIn Resolve RMM tool.

Our data shows the tool was detected with several different filenames. Here are some examples from our telemetry:

The filenames also provide us with clues about how the targets were likely tricked into downloading the tool.

Here’s an example of a translated email sent to someone in Portugal:

As you can see, hovering over the link shows that it points to a file uploaded to Dropbox. Using a legitimate RMM tool and a legitimate domain like dropbox\[.\]com makes it harder for security software to intercept such emails.

Other researchers have also described how attackers set up fake websites that mimic the download pages for popular free utilities like Notepad++ and 7-Zip.

Clicking that malicious link delivers an RMM installer that’s been pre-configured with the attacker’s unique “CompanyId”–a hardcoded identifier tying the victim machine directly to the attacker’s control panel.

This ID lets them instantly spot and connect to the newly infected system without needing extra credentials or custom malware, as the legitimate tool registers seamlessly with their account. Firewalls and other security tools often allow their RMM traffic, especially because RMMs are designed to run with admin privileges. The result is that malicious access blends in with normal IT admin traffic.

**How to stay safe**

By misusing trusted IT tools rather than conventional malware, attackers are raising the bar on stealth and persistence. Awareness and careful attention to download sources are your best defense.

*   Always download software directly from official websites or verified sources.
*   Check file signatures and certificates before installing anything.
*   Verify unexpected update prompts through a separate, trusted channel.
*   Keep your operating system and software up to date.
*   Use an up-to-date, real-time anti-malware solution. Malwarebytes for Windows now includes Privacy Controls that alert you to any remote-access tools it finds on your desktop.
*   Learn how to spot social engineering tricks used to push malicious downloads.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**About the author**

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

 How attackers use real IT tools to take over your computer 

Your antivirus scans files. But what about attacks that never create files? Here's how we catch the threats hiding on your family's computers.

Most antivirus software for personal users scans your computer for malware hiding in files. This is, after all, how most malware is traditionally spread. But what about attacks that never create files? Fileless malware is a fast-growing threat that evades traditional antivirus software, because simply, it’s looking for files that don’t exist.

Here’s how Malwarebytes goes beyond signature scans and file analysis to catch those fileless threats hiding on your family’s computers. 

****What are fileless attacks?** **

Most malware leaves a trail. It drops files on your hard drive so it can survive when you restart your computer. Those files are what traditional antivirus software hunts for.

Fileless attacks play by different rules, living only in your computer’s active memory. This means they vanish when you reboot, but they do their damage before that happens. 

Fileless attacks don’t bring in their own files at all. Instead, they hijack legitimate Windows tools that your computer already trusts. PowerShell, for example, is a built-in program that helps Windows run everyday tasks. Fileless malware slips into memory, runs harmful commands through tools like PowerShell, and blends in with normal system activity.

Because Windows sees these tools as safe, it doesn’t throw up red flags. And because there are no malicious files saved to the disk, traditional antivirus has nothing to scan or quarantine, missing them completely.

Fileless attacks are becoming more common because they work. Cybercriminals use them to steal your passwords, freeze your files for ransom, or turn your computer into a cryptocurrency-mining machine without you knowing.

****How Malwarebytes stops these invisible attacks** **

Malwarebytes takes a different approach. Instead of just scanning files on your hard drive, we watch what programs are actually doing in your computer’s memory. We developed comprehensive protection creating a defense system that works in two powerful ways: 

**Defense Layer 1: Script Monitoring**  

Script Monitoring catches dangerous code before it runs. Whether it’s PowerShell, VBScript, JavaScript, or other scripts, we inspect them the moment they try to execute. Malicious? Blocked instantly. Safe? Runs normally. 

Attackers scramble their malicious code so it looks like gibberish. Imagine a secret message where every letter is shifted three places in the alphabet. Our technology automatically decodes these scrambled commands, revealing what they’re really up to.  

**Defense Layer 2: Command-Line Protection**  

Command-Line Protection tracks what programs are trying to do when they run commands on your system.   

When programs like PowerShell, Windows Script Host, or other command tools run, we examine what they’re trying to do. Are they downloading files from suspicious websites? Trying to modify system files? Attempting to turn off security software? We catch these patterns even if attackers try to bypass the first layer of defense. 

**What might a **fileless attack look like?** **

Let’s look at specific attack scenarios and how Malwarebytes protects you: 

****Attack scenario 1: The disguised email attachment** **

You receive what looks like a legitimate invoice or document via email. When you open the Excel or Word attachment, it contains a macro (a small script that automates tasks). The macro looks harmless at first glance, but it’s actually scrambled to hide malicious commands.  

**What happens next:** The macro silently launches PowerShell in the background and tries to download ransomware. Your traditional antivirus sits idle because it’s waiting to see a file – but the file hasn’t been created yet. 

**How Malwarebytes stops it:** Our Script Monitoring unscrambles the macro, sees it trying to download ransomware, and blocks the PowerShell command immediately. The ransomware never reaches your computer. You see a notification that Malwarebytes blocked a threat, and your files stay safe. 

****Attack scenario 2: The silent cryptocurrency miner** **

You visit a normal-looking website or click on an ad. Hidden JavaScript code starts running immediately, hijacking your computer’s processor to mine cryptocurrency. You notice your laptop fan spinning louder, the computer running hotter, but you don’t connect the dots. Meanwhile, your electricity bill creeps up month after a month. 

**What happens next:** The script tries to load mining software directly into your computer’s memory using PowerShell or similar tools. It runs continuously in the background, stealing your computing power. 

**How Malwarebytes stops it:** Our Command-Line Scanner recognizes the mining script’s pattern and blocks it before it can start using your processor. Your computer maintains normal performance, and criminals can’t abuse your resources. 

****Attack scenario 3: The persistent backdoor** **

A sophisticated attacker wants long-term access to your computer. They use Windows Management Instrumentation (WMI), a legitimate Windows tool, to create a persistent backdoor. This backdoor lets them access your computer whenever they want, all without installing any traditional malware files. 

**What happens next:** Using WMI, they set up scheduled tasks that run invisible scripts in the background. These scripts give them a permanent remote access pass to your computer. Restart doesn’t help. The backdoor survives because it’s woven into Windows itself, disguised as a normal system task. 

**How Malwarebytes stops it:** Our protection monitors WMI activity for suspicious patterns. When we detect WMI being used to create unauthorized backdoors or scheduled tasks, we block the commands and alert you. The backdoor never gets established. 

**About Fileless Protection in Malwarebyes**

When choosing security software, ask: Can it protect against attacks that never write files? Can it catch memory-based threats? With Malwarebytes, the answer is yes. 

**Runs automatically**

You don’t need to set anything up. Fileless Protection runs quietly in the background from the moment you install it. You won’t notice it until it blocks an attack and keeps your files safe.

**Works with your everyday tools**

Your legitimate programs and scripts work normally. You can run PowerShell, use your business software, and browse the web without interruption. We only step in when there’s a real threat.

**Part of a bigger defence**

Fileless Protection is one layer in Malwarebytes’ broader security stack, working alongside machine-learning detection, web protection, and exploit protection. Each layer supports the others, so if one misses something, another catches it.

**Stops attacks that never write files**

Fileless attacks hide in memory, but they’re not unstoppable. Fileless Protection watches what programs do in memory, analyzes suspicious commands, and blocks attacks before they can steal data or damage your files.

**Included with Malwarebytes Premium**

Fileless Protection is included in Malwarebytes Premium. Whether you’re protecting your home devices or your small business systems, Malwarebytes works automatically, stays out of your way, and catches threats that traditional antivirus often misses.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**About the author**

Core Technology is the team behind the protection engine that powers Malwarebytes products. From threat detection and performance optimization to SDK innovation and telemetry, the group builds the foundational technology that keeps users safe across every platform.

 Fileless protection explained: Blocking the invisible threat others miss 

After seven years of acting like normal add-ons, five popular Chrome and Edge extensions with millions of installs suddenly turned malicious.

Researchers have unraveled a malware campaign that really did play the long game. After seven years of behaving normally, a set of browser extensions installed on roughly 4.3 million Chrome and Edge users’ devices suddenly went rogue. Now they can track what you browse and run malicious code inside your browser.

The researchers found five extensions that operated cleanly for years before being weaponized in mid-2024. The developers earned trust, built up millions of installs, and even collected “Featured” or “Verified” status in the Chrome and Edge stores. Then they pushed silent updates that turned these add-ons into spyware and malware.

The extensions turned into a remote code execution framework. They could download and run malicious JavaScript inside the browser and collect information about visited sites and the user’s browser, sending it all back to attackers believed to be based in China.

One of the most prevalent of these extensions is WeTab, with around three million installs on Edge. It acts as spyware by streaming visited URLs, search queries, and other data in real time. The researchers note that while Google has removed the extensions, the Edge store versions are still available.

Playing the long game is not something cybercriminals usually have the time or patience for.

The researchers attributed the campaign to the ShadyPanda group, which has been active since at least 2018 and launched their first campaign in 2023. That was a simpler case of affiliate fraud, inserting affiliate tracking codes into users’ shopping clicks.

What the group did learn from that campaign was that they could get away with deploying malicious updates to existing extensions. Google vets new extensions carefully, but updates don’t get the same attention.

It’s not the first time we’ve seen this behavior, but waiting for years is exceptional. When an extension has been available in the web store for a while, cybercriminals can insert malicious code through updates to the extension. Some researchers refer to the clean extensions as “sleeper agents” that sit quietly for years before switching to malicious behavior.

This new campaign is far more dangerous. Every infected browser runs a remote code execution framework. Every hour, it checks api.extensionplay[.]com for new instructions, downloads arbitrary JavaScript, and executes it with full browser API access.

**How to find malicious extensions manually**

The researchers at Koi shared a long list of Chrome and Edge extension IDs linked to this campaign. You can check if you have these extensions in your browser:

**In Chrome**

1.  Open Google Chrome.
2.  In the address bar at the top, type **chrome://extensions/** and press **Enter**.​ This opens the Extensions page, which shows all extensions installed in your browser.​
3.  At the top right of this page, turn on **Developer mode**.
4.  Now each extension card will show an extra line with its **ID.**​
5.  Press **Ctrl+F** (or **Cmd+F** on Mac) to open the search box and paste the ID you’re checking (e.g. eagiakjmjnblliacokhcalebgnhellfi) into the search box.

If the page scrolls to an extension and highlights the ID, it’s installed. If it says _No results found_, it isn’t in that Chrome profile.​

If you see that ID under an extension, it means that particular add‑on is installed for the current Chrome profile.​

To remove it, click **Remove** on that extension’s card on the same page.

**In Edge**

Since Edge is a Chromium browser the steps are the same, just go to **edge://extensions/** instead.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**About the author**

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

 “Sleeper” browser extensions woke up as spyware on 4 million devices 

This week on the Lock and Code podcast, we revisit three stories about smart devices that want to collect more data than people may know.

_This week on the Lock and Code podcast_…

It’s often said online that if a product is free, you’re the product, but what if that bargain was no longer true? What if, depending on the device you paid hard-earned money for, you _still_ became a product yourself, to be measured, anonymized, collated, shared, or sold, often away from view?

In 2024, a consumer rights group out of the UK teased this new reality when it published research into whether people’s air fryers—seriously–might be spying on them.

By analyzing the associated Android apps for three separate air fryer models from three different companies, researchers learned that these kitchen devices didn’t just promise to make crispier mozzarella sticks, crunchier chicken wings, and flakier reheated pastries—they also wanted a lot of user data, from precise location to voice recordings from a user’s phone.

As the researchers wrote:

> “In the air fryer category, as well as knowing customers’ precise location, all three products wanted permission to record audio on the user’s phone, for no specified reason.”

Bizarrely, these types of data requests are far from rare.

Today, on the Lock and Code podcast, we revisit a 2024 episode in which host David Ruiz tells three separate stories about consumer devices that somewhat invisibly collected user data and then spread it in unexpected ways. This includes kitchen utilities that sent data to China, a smart ring maker that published de-identified, aggregate data about the stress levels of its users, and a smart vacuum that recorded a sensitive image of a woman that was later shared on Facebook.

These stories aren’t about mass government surveillance, and they’re not about spying, or the targeting of political dissidents. Their intrigue is elsewhere, in how common it is for what we say, where we go, and how we feel, to be collected and analyzed in ways we never anticipated.

Tune in today to listen to the full conversation.

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium Security for Lock and Code listeners.

 Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24) 

Malicious prompts rewritten as poems have been found to bypass AI guardrails. Which models resisted and which failed the poetic jailbreak test?

Most of the big AI makers don’t like people using their models for unsavory activity. Ask one of the mainstream AI models how to make a bomb or create nerve gas and you’ll get the standard “I don’t help people do harmful things” response.

That has spawned a cat-and-mouse game of people who try to manipulate AI into crossing the line. Some do it with role play, pretending that they’re writing a novel for example. Others use prompt injection, slipping in commands to confuse the model.

Now, the folks at AI safety and ethics group Icaro Lab are using poetry to do the same thing. In a study, “Adversarial Poetry as a Universal Single-Turn Jailbreak in Large Language Models“, they found that asking questions in the form of a poem would often lure the AI over the line. Hand-crafted poems did so 62% of the time across the 25 frontier models they tested. Some exceeded 90%, the research said.

**How poetry convinces AIs to misbehave**

Icaro Lab, in conjunction with the Sapienza University and AI safety startup DEXAI (both in Rome), wanted to test whether giving an AI instructions as poetry would make it harder to detect different types of dangerous content. The idea was that poetic elements such as metaphor, rhythm, and unconventional framing might disrupt pattern-matching heuristics that the AI’s guardrails rely on to spot harmful content.

They tested this theory in high-risk areas ranging from chemical and nuclear weapons through to cybersecurity, misinformation, and privacy. The tests covered models across nine providers, including all the usual suspects: Google, OpenAI, Anthropic, Deepseek, and Meta.

One way the researchers calculated the scores was by measuring the attack success rate (ASR) across each provider’s models. They first used regular prose prompts, which managed to manipulate the AIs in some instances. Then they used prompts written as poems (which were invariably more successful). Then, the researchers subtracted the percentage of ASRs achieved using prose from the percentage using poetry to see how much more susceptible a provider’s models were to malicious instructions delivered as poetry versus prose.

Using this method, DeepSeek (an open-source model developed by researchers in China) was the least safe, with a 62% ASR. Google was the second least safe. Down at the safer end of the chart, the safest model provider was Anthropic, which produces Claude. Safe, responsible AI has long been part of that company’s branding. OpenAI, which makes ChatGPT, was the second most safe with an ASR difference of 6.95.

When looking purely at the ASRs for the top 20 manually created malicious poetry prompts, Google’s Gemini 2.5 Pro came bottom of the class. It failed to refuse any such poetry prompts. OpenAI’s gpt-5-nano (a very small model) successfully refused them all. That highlights another pattern that surfaced during these tests: smaller models in general were more resistant to poetry prompts that larger ones.

Perhaps the truly mind-bending part is that this didn’t just work with hand-crafted poetry; the researchers also got AI to rewrite 1,200 known malicious prompts from a standard training set. The AI-produced malicious poetry still achieved an average ASR of 43%, which is 18 times higher than the regular prose prompts. In short, it’s possible to turn one AI into a poet so that it could jailbreak another AI (or even itself).

According to EWEEK, companies were tight-lipped about the results. Anthropic was the only one to respond, saying it was reviewing the findings. Meta declined to comment. Most companies said nothing at all.

**Regulatory implications**

The researchers had something to say, though. They pointed out that any benchmarks designed to test model safety should include complementary tests to capture risks like these. That’s worth thinking about in light of the EU AI Act’s General Purpose AI (GPAI) rules, which began rolling out in August last year. Part of the transition includes a voluntary code of practice that several major providers, including Google and OpenAI, have signed. Meta did not sign the code.

The code of practice encourages

> “providers of general-purpose AI models with systemic risk to advance the state of the art in AI safety and security and related processes and measures.”

In other words, they should keep abreast of the latest risks and do their best to deal with them. If they can’t acceptably manage the risks, then the EU suggests several steps, including not bringing the model to market.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**About the author**

Danny Bradbury has been a journalist specialising in technology since 1989 and a freelance writer since 1994. He covers a broad variety of technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector. He hails from the UK but now lives in Western Canada.

 Whispering poetry at AI can make it break its own rules 

Google’s December update fixes two Android bugs that criminals are actively exploiting. Update as soon as you can.

Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited.

The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month before publication, but that doesn’t always mean the patches reach every device right away.

You can check your device’s Android version, security update level, and Google Play system update in **Settings**. You should get a notification when updates are ready for you, but you can also check for them yourself.

For most phones, go to **About phone** or **About device**, then tap **Software updates** to see if anything new is available for your device, although there may be slight differences based on the brand, type, and Android version you’re on.

If your Android phone shows a patch level of **2025-12-05** or later, these issues are fixed.

Keeping your device up to date protects you from known vulnerabilities and helps you stay safe.

**Technical details**

The two actively exploited vulnerabilities were found in the Android application framework layer. This is the set of core Java/Kotlin APIs, system services, and components that apps are built on top of.

The Android framework is a large collection of prebuilt classes, interfaces, and services that provide higher‑level access to operating system (OS) functionality such as activities, views, notifications, storage, networking, sensors, and so on. App code calls these framework APIs, which in turn talk to lower layers like system services, native libraries, and the kernel.

The vulnerabilities that are under limited, targeted active exploitation are tracked as:

*   CVE-2025-48633: Details are limited. There’s no published CVSS score yet to indicate the threat level, let alone how easy it is to exploit. All Google revealed is that the flaw was found in the Framework layer and that it rated it as a “High severity” flaw. One source suggests it stems from improper input validation that could let a local application gain access to sensitive information.

*   CVE-2025-48572 (CVSS score 7.4 out of 10): The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

**How to stay safe**

From the available information, attackers would need to trick a user into installing a malicious app that could then access sensitive data and run code on the device.

Which is another good reason to follow these safety precautions:

*   Only install apps from official app stores whenever possible and avoid installing apps promoted in links in SMS, email, or messaging apps.
*   Before installing finance‑related or retailer apps, verify the developer name, number of downloads, and user reviews rather than trusting a single promotional link.
*   Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.
*   Scrutinize permissions. Does an app really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for accessibility, SMS, or camera access.
*   Keep Android, Google Play services, and all important apps up to date so you get the latest security fixes.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

**About the author**

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

Source

Malwarebytes